From 60f383e01f299fa6dfcc54b5a5d44ab2d31ea0e4 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Fri, 13 Sep 2019 17:15:37 +0100 Subject: [PATCH 1/2] tls: Update export keys callback to use const Mbed TLS's export keys callback requires the hello.random (for both server and client) to be const. Make the callbacks in Mbed OS that use the key export feature use const to match. --- .../Security/protocols/tls_sec_prot/tls_sec_prot_lib.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/features/nanostack/sal-stack-nanostack/source/Security/protocols/tls_sec_prot/tls_sec_prot_lib.c b/features/nanostack/sal-stack-nanostack/source/Security/protocols/tls_sec_prot/tls_sec_prot_lib.c index b6cec1412d..6b631e20f5 100644 --- a/features/nanostack/sal-stack-nanostack/source/Security/protocols/tls_sec_prot/tls_sec_prot_lib.c +++ b/features/nanostack/sal-stack-nanostack/source/Security/protocols/tls_sec_prot/tls_sec_prot_lib.c @@ -85,8 +85,8 @@ static int tls_sec_prot_lib_ssl_send(void *ctx, const unsigned char *buf, size_t static int tls_sec_prot_lib_ssl_recv(void *ctx, unsigned char *buf, size_t len); static int tls_sec_prot_lib_ssl_export_keys(void *p_expkey, const unsigned char *ms, const unsigned char *kb, size_t maclen, size_t keylen, - size_t ivlen, unsigned char client_random[32], - unsigned char server_random[32], + size_t ivlen, const unsigned char client_random[32], + const unsigned char server_random[32], mbedtls_tls_prf_types tls_prf_type); #ifdef TLS_SEC_PROT_LIB_TLS_DEBUG static void tls_sec_prot_lib_debug(void *ctx, int level, const char *file, int line, const char *string); @@ -405,8 +405,8 @@ static int tls_sec_prot_lib_ssl_recv(void *ctx, unsigned char *buf, size_t len) static int tls_sec_prot_lib_ssl_export_keys(void *p_expkey, const unsigned char *ms, const unsigned char *kb, size_t maclen, size_t keylen, - size_t ivlen, unsigned char client_random[32], - unsigned char server_random[32], + size_t ivlen, const unsigned char client_random[32], + const unsigned char server_random[32], mbedtls_tls_prf_types tls_prf_type) { (void) kb; From eb00fbadb4ca7551b181570e055a4f16ef656aa8 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Mon, 16 Sep 2019 16:23:58 +0100 Subject: [PATCH 2/2] tls: Update to Mbed TLS 2.19.1 Update Mbed TLS to Mbed TLS 2.19.1. --- features/mbedtls/VERSION.txt | 2 +- features/mbedtls/importer/Makefile | 2 +- features/mbedtls/inc/mbedtls/check_config.h | 8 ++++++++ features/mbedtls/inc/mbedtls/ssl.h | 7 ++++--- features/mbedtls/src/ssl_tls.c | 5 ++--- 5 files changed, 16 insertions(+), 8 deletions(-) diff --git a/features/mbedtls/VERSION.txt b/features/mbedtls/VERSION.txt index cfa2e5f977..ef825252be 100644 --- a/features/mbedtls/VERSION.txt +++ b/features/mbedtls/VERSION.txt @@ -1 +1 @@ -mbedtls-2.19.0 +mbedtls-2.19.1 diff --git a/features/mbedtls/importer/Makefile b/features/mbedtls/importer/Makefile index 4bda69efe3..d556591f36 100644 --- a/features/mbedtls/importer/Makefile +++ b/features/mbedtls/importer/Makefile @@ -27,7 +27,7 @@ # # Set the mbed TLS release to import (this can/should be edited before import) -MBED_TLS_RELEASE ?= mbedtls-2.19.0 +MBED_TLS_RELEASE ?= mbedtls-2.19.1 MBED_TLS_REPO_URL ?= git@github.com:ARMmbed/mbedtls-restricted.git # Translate between mbed TLS namespace and mbed namespace diff --git a/features/mbedtls/inc/mbedtls/check_config.h b/features/mbedtls/inc/mbedtls/check_config.h index 72d2376166..1c93331af0 100644 --- a/features/mbedtls/inc/mbedtls/check_config.h +++ b/features/mbedtls/inc/mbedtls/check_config.h @@ -305,6 +305,14 @@ #error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_MEMORY_BACKTRACE) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) +#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequesites" +#endif + +#if defined(MBEDTLS_MEMORY_DEBUG) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) +#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequesites" +#endif + #if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM) #error "MBEDTLS_PADLOCK_C defined, but not all prerequisites" #endif diff --git a/features/mbedtls/inc/mbedtls/ssl.h b/features/mbedtls/inc/mbedtls/ssl.h index 458857f6c2..655f59d328 100644 --- a/features/mbedtls/inc/mbedtls/ssl.h +++ b/features/mbedtls/inc/mbedtls/ssl.h @@ -970,7 +970,8 @@ struct mbedtls_ssl_config * tls_prf and random bytes. Should replace f_export_keys */ int (*f_export_keys_ext)( void *, const unsigned char *, const unsigned char *, size_t, size_t, size_t, - unsigned char[32], unsigned char[32], mbedtls_tls_prf_types ); + const unsigned char[32], const unsigned char[32], + mbedtls_tls_prf_types ); void *p_export_keys; /*!< context for key export callback */ #endif @@ -1925,8 +1926,8 @@ typedef int mbedtls_ssl_export_keys_ext_t( void *p_expkey, size_t maclen, size_t keylen, size_t ivlen, - unsigned char client_random[32], - unsigned char server_random[32], + const unsigned char client_random[32], + const unsigned char server_random[32], mbedtls_tls_prf_types tls_prf_type ); #endif /* MBEDTLS_SSL_EXPORT_KEYS */ diff --git a/features/mbedtls/src/ssl_tls.c b/features/mbedtls/src/ssl_tls.c index f4bca87d21..a7facb81a2 100644 --- a/features/mbedtls/src/ssl_tls.c +++ b/features/mbedtls/src/ssl_tls.c @@ -1427,9 +1427,8 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, master, keyblk, mac_key_len, keylen, iv_copy_len, - /* work around bug in exporter type */ - (unsigned char *) randbytes + 32, - (unsigned char *) randbytes, + randbytes + 32, + randbytes, tls_prf_get_type( tls_prf ) ); } #endif